Emergency Vulnerability Bulletin - 09/30/22

By: RedLegg Blog

Atlassian Bitbucket Server and Data Center Vulnerability

Identifier: CVE-2022-36804

Exploit or POC: Yes (Actively Being Exploited)

Update: https://jira.atlassian.com/browse/BSERV-13438

Description: CVE-2022-36804 allows arbitrary code execution through malicious HTTP requests. Successful exploitation requires read permissions to a private or public Bitbucket repository.

Mitigation recommendation: Patching is currently the only method of mitigation.

RedLegg Action: None at this time.